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In the Claims 



If 



1 . (Previously Cancelled) 

2. (Previously Cancelled) 

3 . (Previously Cancelled) 

4 . (Previously Cancelled) 

5. (Currently Amended) A computer-implemented system for protecting a 
network, comprising: 

a vulnerability detection system (VDS) for gathering information about the 
netwolk to determine vulnerabilities of a plurality of hosts on the 
network; and 

an intrusion detection system (IDS) for examining network traffic responsive 
to the vulnerabilities of a host from the plurality of hosts as determined 
by the vpS to detect traffic indicative of malicious activity. 

6. (Currently Amended) The system of claim 5, wherein the VDS is adapted 
to gather information aboullthe network by sending data to the plurality of hosts and 
receiving responsive data from the plurality of hosts. 

7. (Currently Amended) The system of claim 5, wherein the VDS is adapted 
to gather information automatically provided by the plurality of hosts, 

8. (Currently AmeiftJed) The system of claim 5, further comprising: 

a vulnerabilities rulei database, in communication with the VDS, for storing 
rules describing vulnerabilities of the plurality of hosts. 
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wherein the 1 
to dett 

9. (Currently Amended) The system of claim 8, wherein the VDS is adapted 
to analyze the gathered information with the rules to identify operating systems on the 
plurality of hosts and deteAnine the vulnerabilities responsive to the respective operating 
systems. 1 

10. (Currently AiAended) The system of claim 8, wherein the VDS is adapted 
to analyze the gathered information with the rules to identify an open ports on the 
plurality of hosts and determine the vulnerabilities based on the open ports. 

1 1 . (Currently Amdnded) The system of claim 8, wherein the VDS is adapted 
to analyze the gathered information with the rules to identify a» applications executing on 
the plurality of hosts and determine the vulnerabilities based on the applications. 

12. (Original) The system of claim 5, further comprising: 
an intrusion rules database, in communication with the IDS, for storing rules 

describing malicious activity, 
wherein the IDS is adapted to analyze the network traffic with the rules to 
detect networkkraffic indicative of exploitations of the determined 
vulnerabilities. 1 

13. (Original) The systdU of claim 5, wherein the IDS is adapted to detect 
traffic indicative of exploitations of only the determined vulnerabilities. 

14. (Cancelled) \ 



)S is adapted to analyze the gathered information with the rules 
line the vulnerabilities of the plurality of hosts. 
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1 5- (Oiginal) The system of claim 5, wherein the VDS is adapted to update the 
determined vulnerabilities, and wherein the IDS is adapted to detect traffic indicative of 
malicious activity in response to the update. 



16. (Original) The system of claim 15, wherein the VDS is adapted to update 
the determined vulnerabilities in response to a change in the network. 

1 7. (Currently ^mended) A computer-implemented method for protecting a 
network, comprising: 

gathering information about the network to determine vulnerabilities of a 

plurality of hosts on the network; and 
examining network traffic responsive to the determined vulnerabilities of a 

host from foe plurality of hosts to detect network traffic indicative of 

malicious activity. 



1 8. (Currently Ameftded) The method of claim 1 7, wherein gathering 
information comprises sendins data to plurality of hosts on the network and receiving 
responsive data from the plurality of hosts. 

19. (Currently Amended) The method of claim 17, wherein gathering 
information comprises receiving pata automatically provided by the plurality of hosts on 
the network. 



20. , (Currently Amended] The method of claim 17, further comprising: 
storing rules to describe vulnerabilities of the plurality of hosts, 
wherein determining vulnerabilities includes analyzing the gathered 
information with thp rules. 
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2 1 . (Currently Amended) The method of claim 20, wherein determining 
vulnerabilities comprises analyzing the gathered information with the rules to identify aft 
operating systems on the plurality of hosts. 

22. (Currently Amended) The method of claim 20, wherein determining 
vulnerabilities comprises analyzing the gathered information with the rules to identify a* 
open ports on the plurality of hosts. 

23. (Currently Amended) The method of claim 20, wherein determining 
vulnerabilities comprises comparing the gathered information against the rules to identify 
an applications on thej pluralitv of hosts. 



24. (Original) The method of claim 17, further comprising: 
storing rulesldescribing malicious activity, 

wherein detecting network traffic indicative of malicious activity comprises 

analysing the network traffic with the rules to detect traffic indicative of 
exploitations of the determined vulnerabilities. 

25. (Original) [The method of claim 1 7, wherein examining network traffic 
consists of detecting traffic indicative of exploitations of only the determined 
vulnerabilities. 

26. (Cancelled]) 

27. (Currently Amended) The method of claim 17, further comprising: 
updating the determined vulnerabilities in rooponso to a change in tho network ; 

and detecting traffic indicative of malicious activity in response to tine 
update. 
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28. (Original) The method of claim 27, wherein the updating is responsive to a 
change in the netwoi 

29. (Currently Amended) A computer program product, comprising: 
a computer-jreadable medium having computer program logic embodied therein 

for protecting a network, the computer program logic; 
gathering information about the network to determine vulnerabilities of a 

plurality of hosts on the network; and 
examining network traffic responsive to the determined vulnerabilities of a 

host from the plurality of hosts to detect network traffic indicative of 

malicious activity. 

30. (Currently Amended) The computer program product of claim 29, wherein 
gathering information comprises sending data to plurality of hosts on the network and 
receiving responsive data from the plurality of hosts. 

3 1 . (Currently Ainended) The computer program product of claim 29, wherein 
gathering information comprises receiving data automatically provided by the plurality of 
hosts on the network. 

32. (Currently Amended) The computer program product of claim 29, further 
comprising: 

storing rules to describe vulnerabilities of the plurality of hosts, 
wherein determining vulnerabilities includes analyzing the gathered 
information with the rules. 

33. (Currently Amenqpd) The computer program product of claim 32, wherein 
determining vulnerabilities comprises analyzing the gathered information with the rules 
to identify aa operating systems An the plurality of hosts. 
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34. (CuAently Amended) Hie computer program product of claim 32, wherein 
determining vulnerabilities comprises analyzing the gathered information with the rules 
to identify a& opentoorts on the plurality of hosts. 

3 5 . (Currently Amended) The computer program product of claim 32 3 wherein 
determining vulnerabilities comprises comparing the gathered information against the 
rules to identify as applications on the plurality of hosts. 

36. (Original) The computer program product of claim 29, further comprising: 
storing rules\describing malicious activity, 

wherein detecting network traffic indicative of malicious activity comprises 

analyzing the network traffic with the rates to detect traffic indicative of 
exploitations of the determined vulnerabilities. 

37. (Unamends) The computer program product of claim 29, wherein 
examining network traffid consists of detecting traffic indicative of exploitations of only 
the verified vulnerabilities^ 

38. (Cancelled) 

39. (Currently Attended) The computer program product of claim 29, further 
comprising: 

updating the determined vulnerabilities in respons e to - a - efe as igo - in the network ; 
and 

detecting traffic indicative of malicious activity in response to the update. 

40. (Currently Amenojed) The computer program product of claim 39 22, 
wherein the updating is responsive to a change in the network. 
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